We use cookies to improve your experience on our site.
AVID-2026-R1222
Description
Vulnerability CVE-2023-27506
Details
Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2023-27506 describes a software vulnerability (local privilege escalation) in Intel Optimization for TensorFlow, a component used to accelerate AI workloads. This affects AI software stacks (TensorFlow optimization tools) and thus is relevant to the AI supply chain (dependencies/ runtimes in ML pipelines). It is not hardware- or firmware-only. The CVE text provides clear vulnerability behavior and scope, supporting its inclusion in AVID curation.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) Optimization for Tensorflow software |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L |
| Base Score | 5.5 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🔴 High |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-92 | Improper buffer restrictions |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-08-11
- Version: 0.3.3
- AVID Entry